Не может получить доступ к phpmyadmin через лак 6 на example.com/animalute/_pa_ad
Мне нужно использовать разные бэкэнды для разных URL-адресов запросов, и у меня возникает проблема при попытке доступа к phpmyadmin.
/* SET THE HOST AND PORT OF WORDPRESS
* *********************************************************/
vcl 4.0;
import std;
backend web232 {
.host = "10.10.10.232";
.port = "80";
.first_byte_timeout = 20s;
.connect_timeout = 300s;
}
backend web233 {
.host = "10.10.10.33";
.port = "80";
.first_byte_timeout = 20s;
.connect_timeout = 300s;
}
backend web221 {
.host = "10.10.10.221";
.port = "80";
.first_byte_timeout = 20s;
.connect_timeout = 300s;
}
backend web230 {
.host = "10.10.10.230";
.port = "80";
.first_byte_timeout = 20s;
.connect_timeout = 300s;
}
backend web235 {
.host = "10.10.10.235";
.port = "80";
.first_byte_timeout = 20s;
.connect_timeout = 300s;
}
backend web236 {
.host = "10.10.10.236";
.port = "80";
.first_byte_timeout = 20s;
.connect_timeout = 300s;
}
**backend web237 {
.host = "10.10.10.237";
.port = "80";
.first_byte_timeout = 20s;
.connect_timeout = 300s;**
}
#Hitch
include "/etc/varnish/acmetool.vcl";
# SET THE ALLOWED IP OF PURGE REQUESTS
# ##########################################################
acl purge {
"localhost";
"127.0.0.1";
"10.10.10.0/24";
"10.10.10./24";
}
#Detect device
sub detect_device {
# Define the desktop device
set req.http.X-Device = "desktop";
if (req.http.User-Agent ~ "iP(hone|od)" || req.http.User-Agent ~ "Android" || req.http.User-Agent ~ "iPad") {
# Define smartphones and tablets
set req.http.X-Device = "smart";
}
}
#THE RECV FUNCTION
# ##########################################################
sub vcl_recv {
call detect_device;
# REDIRECT WWW TO NON-WWW
if (req.http.host ~ "^www.example2.com") {
return (synth (750, ""));
}
# REDIRECT NON-WWW TO WWW
if (req.http.host ~ "^example.com") {
return (synth (751, ""));
}
#---REDIRECT TO HTTPS
if (std.port(local.ip) == 80 && req.http.host ~ "^(www\.)?example.com(:[0-9]+)?$") {
set req.http.x-redir = "https://" + req.http.host + req.url;
return(synth(850, "Moved permanently"));
}
if (std.port(local.ip) == 80 && req.http.host ~ "^(www\.)?example2.com(:[0-9]+)?$") {
set req.http.x-redir = "https://" + req.http.host + req.url;
return(synth(850, "Moved permanently"));
}
if (std.port(local.ip) == 80 && req.http.host ~ "p.example3.ro(:[0-9]+)?$") {
set req.http.x-redir = "https://" + req.http.host + req.url;
return(synth(850, "Moved permanently"));
}
if (req.http.host ~ "(www\.)?example2.com" && req.url ~ "^/_pa_ad/") {
set req.http.x-method = req.method;
return (pass);
}
if (req.method == "PUT") {
set req.http.x-method = req.method;
return (pass);
}
if (req.method == "PATCH") {
set req.http.x-method = req.method;
return (pass);
}
if (req.http.host ~ "^(www\.)?example2.com(:[0-9]+)?$") {
set req.backend_hint = web232;
}
else if (req.http.host ~ "dev.example2.com(:[0-9]+)?$") {
set req.backend_hint = web233;
return (pipe);
}
else if (req.http.host ~ "^p.example3.ro(:[0-9]+)?$") {
set req.backend_hint = web221;
}
else if (req.http.host ~ "(www\.)?example.com" && req.url ~ "^/copilultau/?") {
set req.backend_hint = web236;
}
else if (req.http.host ~ "(www\.)?example.com" && req.url ~ "^/bucatariata/?") {
set req.backend_hint = web235;
}
else if (req.http.host ~ "(www\.)?example.com" && req.url ~ "^/animalute/?") {
set req.backend_hint = web237;
return (pipe);
}
**else if (req.http.host ~ "(www\.)?example.com" && req.url ~ "^/animalute/_pa_ad/") {
set req.backend_hint = web237;
return (pass);
}**
else if (req.http.host ~ "(www\.)?example.com(:[0-9]+)?$") {
set req.backend_hint = web230;
}
# set realIP by trimming CloudFlare IP which will be used for various checks
set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", "");
# FORWARD THE IP OF THE REQUEST
if (req.restarts == 0) {
if (req.http.x-forwarded-for) {
set req.http.X-Forwarded-For =
req.http.X-Forwarded-For + ", " + client.ip;
} else {
set req.http.X-Forwarded-For = client.ip;
}
}
# Purge request check sections for hash_always_miss, purge and ban
# BLOCK IF NOT IP is not in purge acl
# ##########################################################
# Enable smart refreshing using hash_always_miss
if (req.http.Cache-Control ~ "no-cache") {
if (client.ip ~ purge || std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) {
set req.hash_always_miss = true;
}
}
if (req.method == "PURGE") {
if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) {
return(synth(405,"Not allowed."));
}
return (purge);
}
if (req.method == "BAN") {
# Same ACL check as above:
if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) {
return(synth(403, "Not allowed."));
}
ban("req.http.host == " + req.http.host +
" && req.url == " + req.url);
# Throw a synthetic page so the
# request won't go to the backend.
return(synth(200, "Ban added"));
}
# Unset cloudflare cookies
# Remove has_js and CloudFlare/Google Analytics __* cookies.
set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");
# Remove a ";" prefix, if present.
set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");
# For Testing: If you want to test with Varnish passing (not caching) uncomment
# return( pass );
# DO NOT CACHE RSS FEED
if (req.url ~ "/feed(/)?") {
return ( pass );
}
#Pass wp-cron
if (req.url ~ "wp-cron\.php.*") {
return ( pass );
}
## Do not cache search results, comment these 3 lines if you do want to cache them
if (req.url ~ "/\?s\=") {
return ( pass );
}
# CLEAN UP THE ENCODING HEADER.
# SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING
# VARNISH WILL CREATE SEPARATE CACHES FOR EACH
# DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.
# ##########################################################
if (req.http.Accept-Encoding) {
if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
# No point in compressing these
unset req.http.Accept-Encoding;
} elsif (req.http.Accept-Encoding ~ "gzip") {
set req.http.Accept-Encoding = "gzip";
} elsif (req.http.Accept-Encoding ~ "deflate") {
set req.http.Accept-Encoding = "deflate";
} else {
# unknown algorithm
unset req.http.Accept-Encoding;
}
}
# PIPE ALL NON-STANDARD REQUESTS
# ##########################################################
if (req.method != "GET" &&
req.method != "HEAD" &&
req.method != "PUT" &&
req.method != "POST" &&
req.method != "TRACE" &&
req.method != "OPTIONS" &&
req.method != "DELETE") {
return (pipe);
}
# ONLY CACHE GET AND HEAD REQUESTS
# ##########################################################
if (req.method != "GET" && req.method != "HEAD") {
#modif robert era pass
return (pass);
}
# OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, EITHER
# COMMENT OR UNCOMMENT BOTH
# ##########################################################
if ( req.http.cookie ~ "wordpress_logged_in|resetpass" ) {
return( pass );
}
#fix CloudFlare Mixed Content with Flexible SSL
if (req.http.X-Forwarded-Proto) {
return(hash);
}
# IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN
# THEN UNSET THE COOKIES
# ##########################################################
if (!(req.url ~ "wp-(login|admin)")
&& !(req.url ~ "&preview=true" )
){
unset req.http.cookie;
}
if (!(req.url ~ "_pa_ad")) {
unset req.http.cookie;
}
##masini-noi
# if (!(req.url ~ "/masini-noi(/)?")
# && !(req.url ~ "&preview=true" )
# ){
# unset req.http.cookie;
# }
# IF BASIC AUTH IS ON THEN DO NOT CACHE
# ##########################################################
if (req.http.Authorization || req.http.Cookie) {
return (pass);
}
# IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED
# ##########################################################
return (hash);
# This is for phpmyadmin
}
sub vcl_hash {
if (req.http.X-Forwarded-Proto) {
hash_data(req.http.X-Forwarded-Proto);
}
if (req.http.X-Device ~ "smart" || req.http.X-Device ~ "other") {
hash_data(req.http.X-Device);
}
}
# HIT FUNCTION
# ##########################################################
sub vcl_hit {
return (deliver);
}
# MISS FUNCTION
# ##########################################################
sub vcl_miss {
return (fetch);
}
# FETCH FUNCTION
# ##########################################################
sub vcl_backend_response {
# I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC
# TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT
# TO DO THIS
# ##########################################################
set beresp.http.Vary = "Accept-Encoding";
# set bereq.method = bereq.http.x-method;
# IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF
# TIME THIS PAGE WILL STAY CACHED (TTL), add other locations or subdomains you do not want to cache here in case they set cookies
# ##########################################################
if (!(bereq.url ~ "(wp-(login|admin)|(_pa_ad))") && !(bereq.http.cookie ~ "wordpress_logged_in|resetpass")) {
unset beresp.http.set-cookie;
set beresp.ttl = 300s;
set beresp.grace = 3d;
}
if (bereq.url ~ "^/_pa_ad/") {
set beresp.uncacheable = true;
set beresp.ttl = 120s;
return (deliver);
}
if (beresp.ttl <= 0s ||
beresp.http.Set-Cookie ||
beresp.http.Vary == "*") {
set beresp.ttl = 120 s;
# set beresp.ttl = 120s;
set beresp.uncacheable = true;
return (deliver);
}
return (deliver);
}
sub vcl_synth {
if (resp.status == 850) {
set resp.http.Location = req.http.x-redir;
set resp.status = 301;
return (deliver);
}
if (resp.status == 301 || resp.status == 302) {
set resp.http.location = resp.reason;
set resp.reason = "Moved";
return (deliver);
}
if (resp.status == 750) {
set resp.status = 301;
#set resp.http.Location = "http://www." + req.http.host + req.url;
set resp.http.Location = "http://" + regsuball(req.http.host, "www\.", "") + req.url;
return(deliver);
}
#temporar pentru lpf
if (resp.status == 751) {
set resp.status = 301;
set resp.http.Location = "https://www." + req.http.host + req.url;
return(deliver);
}
}
# DELIVER FUNCTION
# ##########################################################
sub vcl_deliver {
# IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT
# IN THE HEADER (GREAT FOR DEBUGGING)
# ##########################################################
if (obj.hits > 0) {
set resp.http.X-Cache = "HIT";
# IF THIS IS A MISS RETURN THAT IN THE HEADER
# ##########################################################
} else {
set resp.http.X-Cache = "MISS";
}
}
#sub vcl_pipe {
# http://www.varnish-cache.org/ticket/451
# This forces every pipe request to be the first one.
# set bereq.http.connection = "close";
#}
Так что это условное условие, которое указывает на мой бэкэнд phpmyadmin (т.е. _pa_ad):
**else if (req.http.host ~ "(www\.)?example.com" && req.url ~ "^/animalute/_pa_ad/") {
set req.backend_hint = web237;
return (pass);
}**
В /etc/phpmyadmin/apache.conf у меня есть: Alias / animalute / _pa_ad / usr / share / phpmyadmin
Понятия не имею, что я делаю не так. Когда я получаю доступ к этой ссылке, в devtools я получаю: 1) URL-адрес запроса: https://example.com/animalute/_pa_ad Расположение: https://www.example.com/animalute/_pa_ad2) URL-адрес запроса: https://www.example.com/animalute/_pa_ad Местоположение: http://www.example.com/animalute/_pa_ad3) http://www.example.com/animalute/_pa_ad/ Расположение: https://www.example.com/animalute/_pa_ad/4) URL запроса: https://www.example.com/animalute/_pa_ad/ И здесь перенаправление прекращается. Затем я захожу в phpmyadmin и получаю: DNS_PROBE_FINISHED_NXDOMAIN Затем, если я обновляюсь, я получаю ту же ошибку (что и следовало ожидать), но я, если ввожу тот же адрес, https://www.example.com/animalute/_pa_ad/, это работает с учетными данными, которые я только что ввел. Насколько я вижу, это также имеет какое-то отношение к конечному слешу, но я не уверен, как его решить.
Любые предложения с благодарностью.